CVE-2026-25701 An — Exploit & Vulnerability Details HIGH

CVE-2026-25701

HIGH CVSS 4.0: 7.0 EPSS 0.02%

Parameter	Value
CVSS	7.0 (HIGH)
Affected Versions	before 5880246
Type	CWE-377
Vendor	An
Public PoC	No

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: * gain access to possible private information found in /var/lib/pcrlock.d * manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored. * overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak. This issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-377

References 1

https://bugzilla.suse.com/show_bug.cgi?id=1258241

meissner@suse.de

Share Post Share Share Share

Menu

CVE-2026-25701

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Menu

CVE-2026-25701

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Stay informed on cybersecurity